The Tribune

A RECENT data security incident “may have compromised” the security of payment information of some customers who used debit or credit cards at food and beverage and retail locations at the Atlantis resort on Paradise Island between November 1, 2016 and April 3, 2017, the hotel said.

The luxury resort said it has engaged professionals “who have corrected the issue and customers can now safely use their credit and debit cards at the food and beverage and retail locations” at the property.

The incident did not affect credit and debit cards used to make or pay for hotel reservations or purchases made by guests who charged their food and beverage or retail purchases back to their room, the resort also noted in a press release.

The hotel added it began investigating unusual activity after receiving reports from its credit card processor.

“The resort immediately began working with third-party forensic experts to investigate these reports and to identify any signs of compromise on its computer systems,” the hotel’s press release noted.

“On May 10, 2017, the resort confirmed the existence of suspicious files on its computer systems that indicated a potential compromise of customers’ credit and debit card data for some credit and debit cards used at food and beverage and retail locations at the resort.

“The resort has been working with third-party forensic investigators to determine what happened and what information was affected. The resort has confirmed that malware may have captured data from some credit and debit cards used at food and beverage and retail locations at the resort.

“The resort has removed the malware at issue to contain this incident and implemented additional procedures in an effort to prevent any further unauthorised access to customers’ credit and debit card information. This incident did not affect credit and debit cards used to make or pay for hotel reservations or purchases made by guests who charged their food and beverage or retail purchases back to their room.”

According to Atlantis officials, the resort has confirmed that the malware in question may have captured credit and debit card data from some credit and debit cards used at food and beverage and retail locations between the period in question.

“The information at risk as a result of this event for credit or debit cards used at the impacted locations includes the card number, expiration date and CVV,” the hotel said. “This incident did not involve customers’ Social Security numbers as this information is never collected by the resort. This incident did not involve customers’ names or PIN numbers, either,” the press release added.

Howard C Karawan, president and managing director of Atlantis, Paradise Island said the resort takes the security of customers’ information seriously.

“We continue to work with third-party forensic investigators to ensure the security of our systems on behalf of our customers and would like to take this opportunity to remind customers to remain vigilant against fraud by reviewing their financial account statements regularly and reporting any suspicious activity,” Mr Karawan added.

Customers can email notices@atlantisparadise.com for more information regarding this incident. They can also find information on this incident and what they can do to better protect against fraud and identity theft at www.atlantisbahamas.com.

The resort also recommended that customers stay vigilant against identity theft by reviewing bank statements regularly and monitoring credit cards for suspicious activity.

Customers should immediately report any unauthorised charges to their card issuer.

Customers may also place a security freeze on their credit reports, the resort recommended.

A similar incident happened at the resort last year.

In late 2016, Atlantis announced that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at food and beverage and retail locations at the resort March 9 and October 22, 2016.